Security breach confirmed in state-run healthcare exchange

Amid concerns that the Obamacare exchange web site Healthcare.gov may already have been compromised, it has been confirmed that the state-run web site in Vermont experienced a security breach in October.

The Burlington Free Press reported on Friday that officials overseeing the web site confirmed there was a breach on the system last month in which one user got improper access to another user’s Social Security number and other data.

An unidentified consumer reported that an unnamed sender mailed him a copy of his own application for insurance under the state exchange, the Free Press reported.

‘VERMONT HEALTH CONNECT IS NOT A SECURE WEBSITE!’ was written on the back of the envelope and was also (written) on the back of the last page of the printed out application,” said the incident report.

Vermont Health Access Commissioner Mark Larson said the incident was the only one of its kind since the web site launched Oct. 1, adding that technical changes have been made and the breach cannot be replicated today.

When asked about a security breach in a Nov. 5 meeting of the House Health Care Committee, Larson told U.S. Rep. Mary Morrissey, R-Vt., his department had investigated one such complaint and it had proven unfounded, the Free Press reported.

As for the Healthcare.gov web site, David Kennedy, CEO of information security firm TrustedSEC, told a House Science, Space, and Technology committee that “hackers are definitely after it,” Fox News reported last week.

“And if I had to guess, based on what I can see … I would say the website is either hacked already or will be soon,” Kennedy said.